IoC Skills Bootcamp

Cyber Security

Prof. Phil Legg, University of the West of England

31st January 2022

About Me

http://www.plegg.me.uk

Co-Director:

  • UWEcyber ACE-CSE (NCSC-certified)

Programme Leader:

  • MSc Cyber Security (NCSC-certified)
  • IoC Skills Bootcamp

Module Leader:

  • Cyber Security Analytics
  • Security Data Analytics and Visualisation

Research Interests: Cyber security, Machine learning, Visualisation - insider threat, security analytics, adversarial AI, explainable AI

    Set yourself up for success

    • We will cover fundamental cyber security skills and work through various practical tasks.
    • You will need to study the materials, investigate the concepts in use, and promote your skillset to prospective employers.

    Portfolio

    • Create a GitHub account https://github.com/
    • Get an HTML5 template https://html5up.net/
    • Set up a GitHub Pages site https://pages.github.com/
    • (Alternative) Set up a Wix blog https://www.wix.com/html5bing/hiker-blog

    Keep an online record of what you have studied: what did you do, why was it useful, and what have you learnt? Develop a habit of blogging - short articles that summarise your learning.

    Self-Study

    W3Schools offers a Cyber Security primer that you should begin reading. It covers four core topics: Cyber Security, Networking, Cyber Attacks and Cyber Defence. Aim to complete at least one section each week as part of your additional reading.

    https://www.w3schools.com/cybersecurity/index.php

    On completion of each section, you should aim to write a short summary article (max. 1000 words) to add to your online portfolio to demonstrate your learning.

    Week 1: Basic Pentesting

    We will be looking at the following tasks:

    • Basic Pentesting Example - [Video] [THM Room] [Guide]

    We will show a complete "boot-to-root" example of penetration testing. The purpose of the exercise is to get a feel for the process involved, and to introduce some initial tools that you need to be familiar with. You will want to study the process again at a slower pace in your own time, to fully understand how to gain full machine access.

    On completion of the task, you should aim to write a short summary article (max. 1000 words) to add to your online portfolio to demonstrate your learning.

    Week 2: Basic Web Application Security

    We will be looking at the following tasks:

    • OWASP Juice Shop [THM Room] [Guide]

    We will explore a vulnerable web application to demonstrate common issues that can be exploited by attackers. We will use Burp Suite to examine requests and to further our understanding of networking and communications. You will want to study the Juice Shop further in your own time, and reflect on your reading from the W3Schools materials.

    On completion of the task, you should aim to write a short summary article (max. 1000 words) to add to your online portfolio to demonstrate your learning.

    Week 3: Security Operations using Splunk

    We will be looking at the following tasks:

    • Splunk [THM Room] [Guide]

    We will explore Splunk - a Security Information and Event Management (SIEM) tool for investigating cyber security data feeds. It is widely used by cyber security analysts and Security Operations teams. We will work through a scenario where we use Splunk to investigate the activities related to a cyber attack.

    On completion of the task, you should aim to write a short summary article (max. 1000 words) to add to your online portfolio to demonstrate your learning.

    Week 4: Metasploit

    We will be looking at the following tasks:

    • Metasploit [THM Room]
    • Bolt [THM Room]

    We will explore Metasploit - a widely used tool for offensive security that can be used to deploy known attack vectors (CVEs) against target machines. It is a powerful tool suite, so you should conduct research on the tool using the first room. The second room illustrates this tool in practice for gaining access to a vulnerable Windows machine. Previously we have accessed a Linux machine, and so this will give you some exposure to different operating systems. We also explore Bolt to see how a Content Management System (CMS) could be compromised.

    On completion of the task, you should aim to write a short summary article (max. 1000 words) to add to your online portfolio to demonstrate your learning.

    Week 5: Malware

    We will be looking at the following tasks:

    • MAL: Malware Introductory [THM Room]
    • MAL: Strings [THM Room]

    We will take a brief look at malware analysis to introduce the topic area. We will consider the different ways that malware can be examined. We will run some practical examples of malware analysis using TryHackMe to ensure safe execution of any potentially dangerous files. We will explore how malware developers may attempt to hide their actions, and how we as defenders may attempt to recover this behaviour.

    On completion of the task, you should aim to write a short summary article (max. 1000 words) to add to your online portfolio to demonstrate your learning.

    Week 6: Information Risk / Portfolio

    We will be looking at the following tasks:

    • ISO27001 [THM Room]

    Cyber security practitioners should have an awareness of information risk management - it is fundamental to the role of protecting data, information, and computer systems. You should think about the threats, vulnerabilities and assets that combine to give an overall risk, and how that risk can be assessed based on likelihood and severity. You should consider how to mitigate attacks that may impact the confidentiality, integrity and availability of information.

    On completion of the task, you should aim to write a short summary article (max. 1000 words) to add to your online portfolio to demonstrate your learning.

    Finally, you should reflect on your portfolio. You should now be near to completing your online portfolio, and should share this with your peers and teaching team for comment and feedback.

    Thank you

    • Phil.Legg@uwe.ac.uk
    • http://go.uwe.ac.uk/phil
    • http://www.plegg.me.uk